jwt Tutorial => Remove the token from client storage

Example

Remove the token from the client storage to avoid usage

Tokens are issued by the server and you can not force browsers to delete a cookie/localStorage or control how external clients are managing your tokens. Obviously if attackers have stolen the token before logout they still could use the token, therefore are needed additional measures in server side (see below for token blacklist strategy)

Cookies

You cannot force browsers to delete a cookie. The client can configure the browser in such a way that the cookie persists, even if it's expired. But the server can set the value to empty and include expires field to invalidate the cookie value.

 Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT

Delete 'token' with javascript

document.cookie = 'token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
localStorage.removeItem('token')
sessionStorage.removeItem('token')

PDF - Download jwt for free

Previous Next

jwt

Fastest Entity Framework Extensions

Example

Cookies

Delete 'token' with javascript

Got any jwt Question?

jwt

jwt Invalidating Json Web Tokens Remove the token from client storage

Fastest Entity Framework Extensions

Example

Cookies

Delete 'token' with javascript

Got any jwt Question?